
yixxas

Security Researcher

Web3 Security Researcher | Securing the EVM ecosystem. DM for private audits.


High: 2 solo, 33 total
Medium: 2 solo, 67 total
Total earnings: $60.67K (#146 all time)
Payouts: 59x
2nd places: 1x
3rd places: 4x
Top 10: 14x


Sep '24

Circles
800.9 USDC • 1 total finding • Hats • yixxas • #5
low: It is possible for `shortName` to be calculated as the 0 bytes, breaking certain invariants

Jul '24

TraitForge
1,435.21 USDC • 4 total findings • Code4rena • yixxas • #4
high: `mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`
medium: A dev will lose rewards if after claiming his rewards he mints an NFT
medium: Pause and unpause functions are inaccessible
medium: Lack of ability to make some external function calls makes the DAO stage unreachable.

MakerDAO Endgame
3,479.30 USDC • Sherlock • yixxas • #28

MagicSea - the native DEX on the IotaEVM
0.08 USDC • 1 total finding • Sherlock • yixxas • #64
medium: Rebasing tokens that are used as staking tokens can prevent users from withdrawing

May '24

safe-extensions
1,795.82 USDC • 1 total finding • Cantina • yixxas • #18
medium: Finding not yet public.

Mar '24

Abracadabra Mimswap
2,068.88 USDC • 1 total finding • Code4rena • yixxas • #6
medium: Staking contract is not able to support native USDB/WETH

Feb '24

curvance
1,018.37 USDC • 1 total finding • Cantina • yixxas • #31
high: Finding not yet public.

Fenix Finance
4,800 USDC • 1 total finding • Hats • yixxas • 3rd place
high: Protocol fees collected in PairFees are lost due to accrued yield

Audit Comp | Puffer Finance
1,699 USDC • 1 total finding • Immunefi • yixxas • #9
medium: Finding not yet public.

Jan '24

Blast
9,881.27 USDC • 2 total findings • Cantina • yixxas • #30
medium: Finding not yet public.
medium: Finding not yet public.

Curves
2.46 USDC • 3 total findings • Code4rena • yixxas • #116
high: Whitelisted accounts can be forcefully DoSed from buying curveTokens during the presale
high: Attack to make `CurveSubject` a `HoneyPot`
medium: Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Aug '23

Sparkn
198.38 USDC • 1 total finding • CodeHawks • yixxas • #27
high: The same signature can be used in different `distribution` implementations, so the caller who owns the signature can distribute on unauthorized implementations

Arbitrum Security Council Election System
85.11 USDC • Code4rena • yixxas • #17

Jul '23

CodeHawks Escrow Contract - Competition Details
37.93 USDC • 1 total finding • CodeHawks • yixxas • #55
medium: High - Funds can be lost if any participant is blacklisted

PoolTogether
1,784.28 USDC • 1 total finding • Code4rena • yixxas • #13
medium: Threshold check for adding of new tiers is skipped when `_nextNumberOfTiers` is at the maximum

May '23

Ajna Protocol
304.58 USDC • Code4rena • yixxas • #29

Apr '23

JOJO Exchange
160.28 USDC • 1 total finding • Sherlock • yixxas • #39
medium: Missing `payable` in `execute()`

Teller
280.30 USDC • 3 total findings • Sherlock • yixxas • #22
medium: Fee on transfer token deposited into escrow cannot be withdrawn
medium: Withdrawing of collateral can be DOSed by anyone
medium: Owner can steal from lender by changing the LenderManager contract

Frankencoin
306.44 USDC • 1 total finding • Code4rena • yixxas • #25
medium: Manipulation of total share amount might cause future depositors to lose their assets

Caviar Private Pools
26.17 USDC • 3 total findings • Code4rena • yixxas • #63
medium: `Factory.create`: Predictability of pool address creates multiple issues.
medium: Royalty recipients will not get fair share of royalties
medium: `changeFeeQuote` will fail for low decimal ERC20 tokens

Mar '23

Y2K
507.61 USDC • 5 total findings • Sherlock • yixxas • #29
high: Deposit queue and rollover queue can be DOSed by a malicious user
high: User can avoid paying depositFee by rolling over from previous epoch
high: `enlistInRollover()` wrongly updates state of `ownerToRollOverQueueIndex[_receiver]`
medium: Epoch is considered both started and not started when `block.timestamp == epochConfig[_id].epochBegin`
medium: It is still possible for users to lose their funds when the counterparty vault has no deposits

Taurus
173.01 USDC • 1 total finding • Sherlock • yixxas • #11
high: Collateral ratio is computed wrongly for collaterals that are not 18 decimals

Feb '23

Syndr
1,749.06 USDC • Sherlock • yixxas • 3rd place
Findings not publicly available for private contests.

Volta
168.84 USDC • Sherlock • yixxas • #9
Findings not publicly available for private contests.

Carapace
25.25 USDC • 1 total finding • Sherlock • yixxas • #33
high: Protection may not be expirable due to out-of-gas possibility

OpenQ
256.89 USDC • 5 total findings • Sherlock • yixxas • #25
high: `fundingTotals` is not accounted for when deposits are refunded
high: `refundDeposit()` can reach the out-of-gas state
high: An attacker can use a malicious token contract to prevent atomic bounty and tiered percentage bounty claims
medium: Whitelisted tokens are not limited by `TOKEN_ADDRESS_LIMIT`
medium: `getLockedFunds()` is calculating locked funds wrongly if there are claims made

Jan '23

RabbitHole Quest Protocol contest
0.75 USDC • 1 total finding • Code4rena • yixxas • #85
high: Protocol fees can be withdrawn multiple times in `Erc20Quest`

Cooler
78.74 USDC • 3 total findings • Sherlock • yixxas • #25
high: Lender cannot choose the exact amount of `duration` they allow Borrower to extend the loan by
high: `transfer()` and `transferFrom()` should not be used for arbitrary tokens
medium: Terms for expiry date for loans can be bypassed

Ajna
7,285.38 USDC • 3 total findings • Sherlock • yixxas • #4
high: `moveQuoteToken()` can cause bucket to go bankrupt but it is not reflected in the accounting
high: A bucket can go bankrupt without the bankruptcy time being updated
medium: Interest rate for pool is bounded wrongly

UXD Protocol
521.20 USDC • 4 total findings • Sherlock • yixxas • #15
high: Assets can be stolen when rebalancing if there are excess tokens in spot swap
high: Funds that are meant to be used for insurance can be maliciously used to pay for rebalance instead.
medium: Protocol cannot actually rebalanceNegative due to missing approval.
medium: Wrong number of decimals used when depositing `quoteAmount` in rebalance

Dec '22

Papr contest
460 USDC • Code4rena • yixxas • #15

GoGoPool contest
869.54 USDC • 4 total findings • Code4rena • yixxas • #27
high: Hijacking of node operators minipool causes loss of staked funds
medium: slashing fails when node operator doesn't have enough staked `GGP`
medium: Recreated pools receive a wrong AVAX amount due to miscalculated compounded liquid staker amount
medium: NodeOp funds may be trapped by an invalid state transition

Forgeries contest
110.27 USDC • 1 total finding • Code4rena • yixxas • #17
medium: Protocol safeguards for time durations are skewed by a factor of 7. Protocol may potentially lock NFT for period of 7 years.

Caviar contest
287.42 USDC • 3 total findings • Code4rena • yixxas • #22
high: First depositor can break minting of shares
medium: Price will not always be 18 decimals, as expected and outlined in the comments
medium: Rounding error in buyQuote might result in free tokens
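The Caviar first-depositor finding above and the Frankencoin entry from Apr '23 ("Manipulation of total share amount might cause future depositors to lose their assets") are the same share-inflation pattern. What follows is an added illustration, not code from either project: a minimal vault whose `deposit()` prices shares from the live token balance, beside a version that uses virtual shares and assets (the ERC-4626 decimals-offset idea). The `asset` token, the `OFFSET` value and the figures in the comments are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of share inflation; not Caviar's or Frankencoin's code.
// `asset`, OFFSET and the numbers in the comments are constructed for the example.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transferFrom(address, address, uint256) external returns (bool);
}

// Vulnerable: shares are priced from the vault's token balance, which anyone
// can inflate with a plain transfer, and there is no floor on shares minted.
contract NaiveVault {
    IERC20 public immutable asset;
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    constructor(IERC20 a) { asset = a; }

    function totalAssets() public view returns (uint256) {
        return asset.balanceOf(address(this));
    }

    // Attack sequence: attacker deposits 1 wei and receives 1 share, then
    // transfers 1e18 tokens directly to the vault, so 1 share is now worth
    // 1e18 + 1 tokens. A victim depositing 2e18 receives
    // 2e18 * 1 / (1e18 + 1) == 1 share (rounded down): half the pool for
    // two thirds of the assets. A victim depositing 1e18 or less receives
    // 0 shares and loses the whole deposit to the attacker.
    function deposit(uint256 amount) external returns (uint256 minted) {
        uint256 supply = totalShares;
        minted = supply == 0 ? amount : amount * supply / totalAssets();
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        shares[msg.sender] += minted;
        totalShares += minted;
    }
}

// Hardened: every conversion pretends OFFSET extra shares exist, backed by 1
// extra asset. Because those virtual shares exist from the start, the attacker's
// first deposit cannot own the whole supply, and a donation raises the price of
// every share including the virtual ones, so most of the donation is captured
// by the virtual shares (effectively burned) instead of taken from the victim.
contract OffsetVault {
    IERC20 public immutable asset;
    uint256 public totalShares;
    mapping(address => uint256) public shares;
    uint256 private constant OFFSET = 1e6; // virtual shares (assumption for the example)

    constructor(IERC20 a) { asset = a; }

    function totalAssets() public view returns (uint256) {
        return asset.balanceOf(address(this));
    }

    function convertToShares(uint256 assets) public view returns (uint256) {
        return assets * (totalShares + OFFSET) / (totalAssets() + 1);
    }

    function convertToAssets(uint256 s) public view returns (uint256) {
        return s * (totalAssets() + 1) / (totalShares + OFFSET);
    }

    // Same attack replayed: attacker deposits 1 wei -> 1e6 shares, donates 1e18.
    // Victim deposits 2e18 -> 2e18 * 2e6 / (1e18 + 2) = 3,999,999 shares, which
    // convertToAssets() values at roughly 2e18; the attacker's 1e6 shares are
    // now worth only about 0.5e18 of the 1e18 + 1 tokens they put in.
    function deposit(uint256 amount) external returns (uint256 minted) {
        minted = convertToShares(amount);
        require(minted > 0, "zero shares");
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        shares[msg.sender] += minted;
        totalShares += minted;
    }
}
```

The alternative mitigation, burning a fixed number of "dead" shares on the first deposit as Uniswap V2 does, bounds the attack the same way; the offset approach is preferred when the vault must start from an empty supply and cannot sacrifice liquidity. Either way, `require(minted > 0)` is what stops a depositor from silently donating their entire balance.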

Rain
852.56 USDC • Sherlock • yixxas • 3rd place
Findings not publicly available for private contests.

Tigris Trade contest
11.69 USDC • 1 total finding • Code4rena • yixxas • #63
medium: Chainlink price feed is not sufficiently validated and can return stale price
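The Tigris Trade finding above is the common Chainlink staleness pattern. As an added illustration (not Tigris Trade's code), the consumer below reads `latestRoundData()` twice: once the way the finding describes, and once with the checks a reviewer expects to see. The feed address, the `maxStaleness` window and the 18-decimal normalisation are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of Chainlink feed validation; not Tigris Trade's code.
// The feed, the staleness window and 18-decimal normalisation are assumptions.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract PriceConsumer {
    AggregatorV3Interface public immutable feed;
    // Longest gap between updates this consumer tolerates. Set per feed from its
    // documented heartbeat plus a margin (e.g. 3600 + 300 for a 1h heartbeat).
    uint256 public immutable maxStaleness;

    constructor(AggregatorV3Interface feed_, uint256 maxStaleness_) {
        feed = feed_;
        maxStaleness = maxStaleness_;
    }

    // Insufficient: only `answer` is read. A feed that has stopped updating, or
    // that reports 0 or a negative value, flows straight into pricing, which is
    // the situation the finding above describes.
    function priceUnchecked() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        return uint256(answer);
    }

    // Hardened: reject non-positive answers, rounds older than the window and
    // incomplete rounds, then normalise to 18 decimals so callers never mix an
    // 8-decimal USD feed with an 18-decimal ETH-quoted feed.
    function priceChecked() external view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        require(answer > 0, "non-positive price");
        require(updatedAt != 0 && updatedAt <= block.timestamp, "round not complete");
        require(block.timestamp - updatedAt <= maxStaleness, "stale price");
        // Legacy round-carry check; answeredInRound is documented as deprecated
        // but is still returned, and the comparison costs nothing.
        require(answeredInRound >= roundId, "stale round");
        uint8 dec = feed.decimals();
        require(dec <= 18, "unsupported decimals");
        return uint256(answer) * 10 ** (18 - dec);
    }
}
```

Two caveats a reviewer would add: on an L2, pair this with the sequencer uptime feed so prices frozen during an outage are not accepted the moment the sequencer returns, and compare `answer` against the feed's configured `minAnswer`/`maxAnswer` bounds, since an aggregator clamps rather than reverts when the market moves outside them.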

Escher contest
148.6 USDC • 4 total findings • Code4rena • yixxas • #24
high: `LPDA` price can underflow the price due to bad settings and potentially brick the contract
medium: ETH will get stuck if all NFTs do not get sold.
medium: Unsafe downcasting operation truncates user's input
medium: selfdestruct() will not be available after EIP-4758

Nov '22

Opyn Crab Netting
1,557.02 USDC • 3 total findings • Sherlock • yixxas • 3rd place
high: `deposits[]` and `withdraws[]` are unbounded. This will lead to users being unable to `withdrawUSDC()` or `dequeueCrab()`
high: Malicious user with a USDC blacklisted address can break the protocol's `netAtPrice()` functionality
medium: Wrong number of decimals used in computation results in wrong values of WETH transferred

Isomorph
495.93 USDC • 3 total findings • Sherlock • yixxas • #13
medium: Insufficient check in `getOraclePrice()` can return incorrect data
medium: Assumption that 1 USDC = 1 USD is extremely dangerous in the event of a depeg of USDC
medium: Timelock for `changeCollateralType()` is much shorter than intended

Redacted Cartel contest
53.49 USDC • Code4rena • yixxas • #46

Telcoin
566.82 USDC • 2 total findings • Sherlock • yixxas • #4
medium: `slash()` can be front-run by the slashed party to avoid the penalty
medium: `transfer()` and `transferFrom()` should not be used when interacting with arbitrary ERC20 tokens

LSD Network - Stakehouse contest
651.11 USDC • 6 total findings • Code4rena • yixxas • #23
high: Reentrancy in LiquidStakingManager.sol#withdrawETHForKnow leads to loss of funds from smart wallet.
medium: Address.isContract() is not a reliable way of checking if the input is an EOA
medium: Node runners can lose all their stake rewards due to how the DAO commissions can be set to 100%
medium: GiantPool should not check ETH amount on withdrawal
medium: Adding non EOA representative
medium: Withdrawing wrong LPToken from GiantPool leads to loss of funds

DODO
513.13 USDC • 2 total findings • Sherlock • yixxas • #4
medium: Usage of transfer can lock out funds if gas cost changes
medium: ERC20 transfer used for arbitrary tokens can fail silently
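The DODO finding directly above, the Telcoin finding in this same month and the Cooler finding from Jan '23 ("`transfer()` and `transferFrom()` should not be used for arbitrary tokens") all report one pattern: calling the ERC20 interface directly on a token the protocol does not control. Below is an added illustration, not code from any of those projects, showing the two ways the direct call goes wrong and a helper that handles both. The vault, its accounting and the tokens it accepts are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of the unchecked-transfer pattern; not code from Cooler,
// Telcoin or DODO. The vault, its accounting and the token it accepts are assumed.
interface IERC20 {
    function balanceOf(address owner) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Vulnerable on two fronts for a user-chosen token:
//  1. the bool return value is ignored, so a token that signals failure by
//     returning false (instead of reverting) lets deposit() credit a balance
//     that was never funded, and withdraw() zero a balance that was never paid;
//  2. a token that returns nothing at all (USDT-style) makes the ABI decoder
//     revert on the missing return word, so that token can never be moved
//     through this contract even though the transfer itself succeeded.
contract UncheckedVault {
    mapping(address => mapping(address => uint256)) public balances;

    function deposit(IERC20 token, uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        balances[msg.sender][address(token)] += amount;
    }

    function withdraw(IERC20 token, uint256 amount) external {
        balances[msg.sender][address(token)] -= amount;
        token.transfer(msg.sender, amount);
    }
}

// Hardened: route every token call through a helper that treats "reverted",
// "returned false" and "returned nothing from an address with no code" as failure.
library SafeTransfer {
    function safeTransfer(address token, address to, uint256 amount) internal {
        _call(token, abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
    }

    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        _call(token, abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount));
    }

    function _call(address token, bytes memory data) private {
        (bool ok, bytes memory ret) = token.call(data);
        require(ok, "token call reverted");
        if (ret.length == 0) {
            // No return word is acceptable only if there really is a contract
            // there; a call to an EOA also "succeeds" with empty return data.
            require(token.code.length > 0, "token is not a contract");
        } else {
            require(abi.decode(ret, (bool)), "token returned false");
        }
    }
}

contract SafeVault {
    using SafeTransfer for address;

    mapping(address => mapping(address => uint256)) public balances;

    function deposit(address token, uint256 amount) external {
        // Credit what actually arrived, so a fee-on-transfer token cannot be
        // withdrawn for more than it delivered (the Teller escrow finding above).
        uint256 before = IERC20(token).balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        uint256 received = IERC20(token).balanceOf(address(this)) - before;
        balances[msg.sender][token] += received;
    }

    function withdraw(address token, uint256 amount) external {
        balances[msg.sender][token] -= amount;
        token.safeTransfer(msg.sender, amount);
    }
}
```

This is the same logic OpenZeppelin's `SafeERC20` implements; the point of spelling it out is that "check the return value" alone is not enough, because a no-return token has no value to check and an EOA target has no code to fail.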

SIZE contest
5.6 USDC • 1 total finding • Code4rena • yixxas • #42
medium: Attacker may DOS auctions using invalid bid parameters

Oct '22

Paladin - Warden Pledges contest
24.59 USDC • 1 total finding • Code4rena • yixxas • #32
medium: Owner can transfer all ERC20 reward token out using function recoverERC20

Astaria
347.62 USDC • 5 total findings • Sherlock • yixxas • #18
high: `_deleteLienPosition()` is lacking access control
high: _validateCommitment() can be bypassed as 0 address is not checked on the return value of ecrecover
high: `protocolFee` and `buyoutFee` are not set in constructor() and there is no way to set their values
medium: Auction time extension in `createBid()` is calculated wrongly
medium: AuctionHouse max duration is not used correctly
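The second Astaria finding above rests on a property of the `ecrecover` precompile that is easy to forget: on a malformed signature it returns `address(0)` rather than reverting. The contract below is an added illustration, not Astaria's code, of a commitment check written both ways. The `Commitment` struct, the digest layout and the field name `strategist` are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of the ecrecover zero-address pitfall; not Astaria's code.
// The Commitment struct, the digest layout and the name `strategist` are assumptions.
contract CommitmentValidator {
    struct Commitment {
        address strategist; // who the commitment claims signed it
        uint256 amount;
        uint8 v;
        bytes32 r;
        bytes32 s;
    }

    bytes32 private constant TYPEHASH = keccak256("Commitment(address strategist,uint256 amount)");
    // secp256k1 group order / 2, the upper bound EIP-2 imposes on `s`.
    uint256 private constant HALF_ORDER = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    // Simplified EIP-712-style digest; a production version adds a nonce and deadline.
    function _digest(Commitment calldata c) internal view returns (bytes32) {
        bytes32 domain = keccak256(abi.encode(block.chainid, address(this)));
        bytes32 structHash = keccak256(abi.encode(TYPEHASH, c.strategist, c.amount));
        return keccak256(abi.encodePacked("\x19\x01", domain, structHash));
    }

    // Vulnerable: ecrecover does not revert on a malformed signature, it returns
    // address(0). A commitment whose `strategist` field is address(0), submitted
    // with any garbage (v, r, s), therefore satisfies `recovered == c.strategist`
    // and is treated as validly signed. Wherever address(0) is a meaningful
    // "unset" default (an unconfigured vault, a deleted entry) this is an
    // authorisation bypass.
    function validateUnchecked(Commitment calldata c) external view returns (bool) {
        address recovered = ecrecover(_digest(c), c.v, c.r, c.s);
        return recovered == c.strategist;
    }

    // Hardened: reject the zero address on both sides, and constrain (v, s) so a
    // valid signature cannot be malleated into a second distinct valid one.
    function validateChecked(Commitment calldata c) external view returns (bool) {
        require(c.strategist != address(0), "zero strategist");
        require(uint256(c.s) <= HALF_ORDER, "invalid s");
        require(c.v == 27 || c.v == 28, "invalid v");
        address recovered = ecrecover(_digest(c), c.v, c.r, c.s);
        require(recovered != address(0), "invalid signature");
        return recovered == c.strategist;
    }
}
```

Checking `recovered != address(0)` is the fix the finding asks for; the `s` and `v` bounds are the companion check that keeps a replayed, malleated copy of a legitimate signature from passing a nonce or "already used" test keyed on the signature bytes.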

Juicebox contest
1,108.06 USDC • 1 total finding • Code4rena • yixxas • #11
high: Making a payment to the protocol with `_dontMint` parameter will result in lost funds for user.

Union Finance
908.78 USDC • 4 total findings • Sherlock • yixxas • #12
medium: `cancelVouch()` can break some parts of the protocol due to the way it changes the vouchers array.
medium: `redeem()` may not withdraw the correct amount of underlying token for caller for the number of uTokens burned
medium: `removeAdapter()` does not ensure that the money market that is removed no longer carries any assets.
medium: `removeAdaptor()` is not removing the removed money market from `withdrawSeq[]`.

Sep '22

Knox Finance
8,390.97 USDC • 3 total findings • Sherlock • yixxas • 2nd place
high: User unable to withdraw at the end of an auction if the order they placed is the same as clearing price, but did not receive any fills.
high: Auction can potentially sell more contracts than it has collateral for.
medium: _getNextFriday() returns wrong value when timestamp is between Monday 12am and 8am.

Frax Ether Liquid Staking contest
39.16 USDC • 1 total finding • Code4rena • yixxas • #66
medium: frxETHMinter.depositEther may run out of gas, leading to lost ETH

Art Gobblers contest
55.2 USDC • Code4rena • yixxas • #21

Harpie
28.27 USDC • 1 total finding • Sherlock • yixxas • #19
medium: withdrawPayments() will not be callable once opcode gas cost increases

Y2k Finance contest
1,541.14 USDC • 1 total finding • Code4rena • yixxas • #9
medium: function changeController() has rug potential as admin can unilaterally withdraw all user funds from both risk and insure vaults

FEI and TRIBE Redemption contest
33.81 USDC • Code4rena • yixxas • #11

Nouns Builder contest
222.37 USDC • 1 total finding • Code4rena • yixxas • #57
medium: Loss of Veto Power can Lead to 51% Attack

Aug '22

Olympus DAO contest
304.34 USDC • 1 total finding • Code4rena • yixxas • #44
medium: After endorsing a proposal, user can transfer votes to another user for endorsing the same proposal again

Nouns DAO contest
35.44 USDC • Code4rena • yixxas • #41

FIAT DAO veFDT contest
77.72 USDC • 1 total finding • Code4rena • yixxas • #35
medium: Error in updating `_checkpoint` in the `increaseUnlockTime` function

Foundation Drop contest
42.83 USDC • 1 total finding • Code4rena • yixxas • #54
medium: Possible to bypass saleConfig.limitPerAccount